How do I redirect all visitors to HTTPS/SSL?

To redirect traffic for all subdomains and hosts in your domain, enable the Always Use HTTPS feature in the Cloudflare Crypto app. Alternatively if you don't want your whole site redirected to HTTPS, redirect on a URL basis using the Cloudflare Page Rulesapp.

While protecting your site via Cloudflare, it is not recommended to perform redirects at your origin web server:

Page Rule redirects are processed at the Cloudflare edge resulting in quicker response and reduced requests to your server.

When configuring Page Rules, the Always use HTTPS action is the simplest method to redirect HTTP requests to HTTPS. You can also use the Forwarding URL action with a 301 redirect if you need to redirect to another subdomain in addition to forcing HTTPS. For example, a Page Rule match for

http://example.com/*

with a Forwarding URL of

https://www.example.com/$1

will redirect requests for the example.com root domain to the www.example.com subdomain while preserving the URL directory.

The Always Use HTTPS action will only appear if your zone has an active Cloudflare SSL certificate.

Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.

Does SSL work for hosting partners?

A Free Universal SSL certificate is available for all new Cloudflare domains added via a hosting partner through both CNAME and Full DNS integrations.

For domains added to Cloudflare prior to December 9, 2016, the hosting partner must delete and re-add the domain to Cloudflare to provision the SSL certificate.

Proxy a subdomain through Cloudflare to provision the Free Universal SSL certificate.

Are Cloudflare SSL certificates shared?

Universal SSL certificates are shared across multiple domains for multiple customers. If certificate sharing is a concern, Cloudflare recommends a Dedicated or Custom SSL certificate.

An SSL certificate is installed at my website , why do I see a Cloudflare certificate?

Cloudflare must decrypt traffic in order to cache and filter malicious traffic. Cloudflare either re-encrypts traffic or sends plain text traffic to the origin web server depending on the SSL option selected in the Crypto app.

Does Project Galileo include SSL support?

Does enabling Cloudflare affect PayPal's TLS 1.2 requirement?

No. Since Cloudflare does not proxy connections made directly to paypal.com, enabling Cloudflare for your domain does not affect how TLS connections are made.

To determine if your server or browser supports these standards, visit https://tlstest.paypal.com from a client or browser that uses PayPal. A response of PayPal_Connection_OK demonstrates the client already supports TLS standards compatible with PayPal.